drj logo

"*" indicates required fields

Name*
Zip Code*
Please enter a number from 0 to 100.
Strength indicator
I agree to the Terms of Service and Privacy Policy*
Yes, of course I want to receive emails from DRJ!
This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

x
DRJ Fall 2025 Dallas Show
Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Why Subscribe to DRJ
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Fall 2025
    • DRJ Spring 2026 Call for Papers
    • DRJ Scholarship
    • Other Industry Events
    • Schedule & Archive
    • Send Your Feedback
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DEI
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

EHNAC’s Executive Director Offers Comment on ONC Draft 2 of the Trusted Exchange Framework

by Jon Seals | April 24, 2019 | Uncategorized | 0 comments

FARMINGTON, Conn. – Last week, the Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC), issued draft 2 of the Trusted Exchange Framework as well as a public comment period through June 17, 2019. Lee Barrett, CEO and executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC), and a member of both the Executive Steering Committee for the ONC’s Payer + FAST FHIR Task Force and the HHS Cybersecurity Task Force (405d), and convener of the National Trust Network Data Sharing and Cybersecurity Task Group, shared his perspectives on the Trusted Exchange Framework’s second draft and its implications on healthcare:

“EHNAC commends ONC for streamlining this document and providing the companion document entitled “TEFCA2 Draft User Guide” containing user-friendly charts, basic explanations and multiple practical data exchange examples. The form and content of this User Guide distills the complexity of interoperability into a form and process which is easily understandable.

“TEFCA Draft 2 further embraces the Office for Civil Rights concept of each participant of the Health Information Network (HIN) being accountable for the Electronic Health Information (EHI) it creates, receives, maintains and transmits. EHNAC has embedded this requirement for Protected Health Information (PHI) into its 18 accreditation programs and believes strongly that understanding what data is handled, and how and where it is created, received, maintained and transmitted is foundational to safeguarding information.

“The MRTCs (Minimum Required Terms and Conditions) Draft 2 requires that Qualified Health Information Networks (QHINs) comply with HIPAA Privacy and Security Rules as it pertains to EHI. This includes complying with NIST Special Publication 800-171 (Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations) as well as ongoing compliance with the current HIPAA Security Rule cross-walked to the NIST Cybersecurity Framework. Additionally, TEFCA Draft 2 also discusses the “Trusted Exchange Framework” (TEF) provided in Appendix 1 and the “QHIN Technical Framework” provided in Appendix 3. These components of the Rule (per TEFCA Draft 1) have been reviewed in detail and the Trusted Network Accreditation Program (TNAP) industry collaborative initiative has addressed them.

“Whether a covered entity or business associate, participants and participant members must take reasonable steps to promote the confidentiality, integrity and availability (CIA) of EHI, including maintaining reasonable and appropriate administrative, technical and physical safeguards; to protect against reasonably anticipated impermissible Uses and Disclosures; to identify and protect against reasonably anticipated threats to the security/integrity of EHI; and monitor workforce compliance. EHNAC confirms that all organizations holding current EHNAC accreditation can be assured the requirements of NIST 800-171; the HIPAA Security Rule; the NIST Cybersecurity Framework and more industry accepted standards and best practices are already included as part of their accreditation review framework.”

For organizations interested in accreditation programs for Interoperability, EHNAC has created the Trusted Network Accreditation Program (TNAP). In July 2018, EHNAC and 30 other healthcare organizations began an industry collaboration to develop this program which aligns the principles of 21st Century Cures Act/TEFCA Draft 1 including interoperability and security/privacy of healthcare data exchange using the “digital highway.” Emerging technologies such as blockchain, enhanced identity verification/authentication and many industry-led best practices and standards are included. Requirements from HITRUST; NIST 800-171, 800-63A, 800-63B; and HIPAA 45CFR 164. 400-414 and others are embedded. Within the next month (May 2019), this industry-led coalition will launch a comprehensive website devoted to this important issue. In the meantime, call EHNAC at 860.408.1620 if you are interested in participating in this program that is currently in BETA phase.

The Trusted Exchange Framework is an initiative to facilitate interoperability in health IT, as required by the 21st Century Cures Act of 2016, and “advances Congress’ intent that building and maintaining trust is an important core element in ensuring that health information is available where and when it is needed to manage patient health and care”. In January 2019, ONC issued its first draft of the Trusted Exchange Framework.

The period to comment on draft 2 of the Trusted Exchange Framework in addition to MRTCs, and QHIN Technical Framework closes on June 17, 2019. Comments can be submitted at exchangeframework@hhs.gov.

About EHNAC

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit www.ehnac.org, contact info@ehnac.org, or follow us on Twitter, LinkedIn and YouTube.

Related Content

  1. Disaster Recovery Journal
    Exhibitors Guide
  2. The Role the NIST Framework Should Play in Creating a Cyber Secure DR Infrastructure
  3. Disaster Recovery Journal
    Exhibitors Guide

Recent Posts

Flexential’s 2024 ESG Report Details Advancements Across Data Center Efficiency, Talent Support, and Operational Oversight

July 16, 2025

DuploCloud Announces Availability of AI Suite in the New AWS Marketplace AI Agents and Tools Category

July 16, 2025

Exodigo Brings AI Efficiency to Infrastructure Industry, Closes $96 Million Series B

July 16, 2025

IObit Launches IObit Software Updater 8: Intelligent Software Management for Enhanced Security

July 16, 2025

New Incogni Study Reveals Massive Data Sharing and Privacy Risks in Popular Buy Now, Pay Later Apps

July 16, 2025

iCOUNTER Emerges from Stealth to Launch Cyber Risk Intelligence Category

July 16, 2025

Archives

  • July 2025 (35)
  • June 2025 (54)
  • May 2025 (59)
  • April 2025 (91)
  • March 2025 (57)
  • February 2025 (47)
  • January 2025 (73)
  • December 2024 (82)
  • November 2024 (41)
  • October 2024 (87)
  • September 2024 (61)
  • August 2024 (65)
  • July 2024 (48)
  • June 2024 (55)
  • May 2024 (70)
  • April 2024 (79)
  • March 2024 (65)
  • February 2024 (73)
  • January 2024 (66)
  • December 2023 (49)
  • November 2023 (80)
  • October 2023 (67)
  • September 2023 (53)
  • August 2023 (72)
  • July 2023 (45)
  • June 2023 (61)
  • May 2023 (50)
  • April 2023 (60)
  • March 2023 (69)
  • February 2023 (54)
  • January 2023 (71)
  • December 2022 (54)
  • November 2022 (59)
  • October 2022 (66)
  • September 2022 (72)
  • August 2022 (65)
  • July 2022 (66)
  • June 2022 (53)
  • May 2022 (55)
  • April 2022 (60)
  • March 2022 (65)
  • February 2022 (50)
  • January 2022 (46)
  • December 2021 (39)
  • November 2021 (38)
  • October 2021 (39)
  • September 2021 (50)
  • August 2021 (77)
  • July 2021 (63)
  • June 2021 (42)
  • May 2021 (43)
  • April 2021 (50)
  • March 2021 (60)
  • February 2021 (16)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Fall 2025
    • Spring 2025

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    LINKEDIN AND TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates

    LinkedIn

    @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2025 Disaster Recovery Journal
    • Terms of Use
    • Privacy Policy